HTML Entity Encoder / Decoder

Last updated:

Convert special characters to safe HTML entities, or decode entities back to readable text. Choose named or numeric output to prevent broken markup and protect against cross-site scripting in user-generated content.

Runs in your browser. Nothing is uploaded.

Refer a Client, Earn 10% or $100

Use our tools for client work? When a client needs a website, SEO, or AI-search visibility, send them our way and earn 10% or $100, whichever is greater.

How the HTML Entity Tool Works

  1. Choose a mode, Encode to escape characters, Decode to restore them.
  2. Pick output type, named entities for readability or numeric for full Unicode coverage.
  3. Optional full escaping, encode every non-ASCII character for maximum compatibility.
  4. Copy the result, paste safe markup into your HTML, CMS, or templates.

Why Entity Encoding Matters

  • Prevents XSS, escaping user input stops injected scripts from running.
  • Fixes broken layouts, raw < and & characters can break parsing and display.
  • Safe attributes, encoding quotes keeps attribute values from terminating early.
  • Portable content, numeric entities render reliably across encodings and email clients.

If unescaped user input is putting your site at risk, our web design services build secure front ends with proper output encoding baked in.

Common HTML Entities Reference

Named entities are readable, while numeric entities work for any character and across legacy encodings. The five core characters at the top of the table must be escaped to keep markup safe and valid.

Character Named entity Numeric
&&amp;&#38;
<&lt;&#60;
>&gt;&#62;
"&quot;&#34;
'&apos;&#39;
non-breaking space&nbsp;&#160;
©&copy;&#169;
®&reg;&#174;
&mdash;&#8212;
&euro;&#8364;

Next steps

HTML Entity Encoder / Decoder related tools and articles

Continue with the closest follow-up checks and guides based on this tool's topic, crawl intent, and optimization workflow.

HTML Entity Encoder / Decoder: FAQ

What characters does Encode convert by default?
It always encodes ampersands, angle brackets, double quotes, and apostrophes. With named output selected, it also encodes the supported named non-ASCII characters in its built-in list, including copyright, trademark, euro, pound, yen, degree, and non-breaking space.
What changes when I enable numeric entities?
Supported characters are emitted as decimal numeric references such as &#38; instead of named references such as &amp;. Numeric mode also leaves ordinary non-ASCII characters unchanged unless Encode all non-ASCII is enabled.
What does Encode all non-ASCII do?
It converts every Unicode code point above ASCII 127 to a decimal numeric reference when no built-in named entity is available. Emoji and other supplementary characters are processed as whole code points, not split UTF-16 halves.
Which entity forms can Decode handle?
Decode recognizes semicolon-terminated named entities, decimal numeric references, and hexadecimal numeric references. References without a trailing semicolon and text that does not match those forms are left unchanged.
Why did encoding already encoded text produce &amp;amp;?
The encoder treats every ampersand as literal input, so running it on an existing &amp; reference encodes that ampersand again. Decode first or start from the unencoded source when you want to avoid double encoding.
Does encoded HTML become safe to insert in every context?
No. Context matters. Encoding the five markup-sensitive characters is useful for HTML text and attribute values, but it is not a substitute for a trusted escaping or sanitization library for JavaScript, CSS, URLs, templates, or untrusted rich HTML.
What does Swap do in the HTML entity tool?
Swap moves the current output into the input and switches between Encode and Decode. It is convenient for checking a round trip, although decoding and re-encoding may choose a different named or numeric representation.
Is the text I paste uploaded anywhere?
No. Encoding and decoding run entirely in your browser using local JavaScript and a temporary textarea element. This tool does not send the pasted text to a Web Aloha server.

Need a Secure, Well-Built Website?

We build fast, secure websites with clean markup, proper escaping, and strong technical foundations.